Richard:
I'm confused. How are you accessing the Flashboards tool and what version of ARS are you using?
James Mckenzie
________________________________
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of McCabe, Richard A. (CMS/CTR)
Sent: Thursday, August 17, 2006 12:57 PM
To: [email protected]
Subject: Re: Encryption and Remedy ARS 6.3
**
James,
No, it is also required if you are using flashboards. We were watching our traffic with a sniffer, and when you open a form with a flashboard object, it builds a URL for your Mid-Tier server. This URL passes the users login credentials in clear text if you do not have SSL enabled.
Richard McCabe
________________________________
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of McKenzie, James J C-E LCMC HQISEC/L3
Sent: Thursday, August 17, 2006 3:49 PM
To: [email protected]
Subject: Re: Encryption and Remedy ARS 6.3
**
Richard:
SSL is required if you want to encrypt information between the Mid-Tier server and a web browser client. However, communications between the Mid-Tier server and the ARS server is encrypted by default in ARS 6.3 and ARS 7.0
James McKenzie
________________________________
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of McCabe, Richard A. (CMS/CTR)
Sent: Thursday, August 17, 2006 12:35 PM
To: [email protected]
Subject: Re: Encryption and Remedy ARS 6.3
**
Joe,
We found that this was related to flashboards, and was resolved by using SSL for the default web path, and mid tier.
Rick McCabe
________________________________
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Joe DeSouza
Sent: Thursday, August 17, 2006 12:21 PM
To: [email protected]
Subject: Encryption and Remedy ARS 6.3
**
Hello Listers,
To the best of my knowledge the Remedy User Tool sends authentication information as clear text over the network.. Correct me if I am wrong..
So if the above is right, I do remember Remedy used to sell an encryption product. Any information on this would be appreciated.
If no encryption product is used, how does the Mid-Tier client send the authentication information? Clear Text????
Rgds
Joe D'Souza
Remedy Developer / Consultant,
BearingPoint,
Virginia.
__20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___
__20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___
__20060125_______________________This posting was submitted with HTML in it___
